Author Posts

October 5, 2016 at 2:57 pm

Hi all.

I need help with a job we have here, its about to remove a specific Domain local group from local administrators and add another global group on clients and servers.

I have successfully created an script that add the new global group. Thanks to https://gallery.technet.microsoft.com/scriptcenter/Add-AD-UserGroup-to-Local-fe5e9239

just run \Set-ADAccountasLocalAdministrator.ps1 -InputFile C:\ListofComputers.txt -Trustee domain\groupname

BUT the problem is that i cant find any script for the removal, i have tried
https://blogs.technet.microsoft.com/heyscriptingguy/2005/10/24/how-can-i-remove-a-group-from-the-local-administrators-group/

But get same error otherfilled in here

Like
At C:\PS_Scripts\remove_sedlgwksadmins.ps1:3 char:38
+ Set objAdmins = GetObject(“WinNT://” & strComputer & “/Administrators ...
+ ~
Unexpected token '&' in expression or statement.
At C:\PS_Scripts\remove_sedlgwksadmins.ps1:3 char:37
+ Set objAdmins = GetObject(“WinNT://” & strComputer & “/Administrators ...
+ ~
Missing closing ')' in expression.
At C:\PS_Scripts\remove_sedlgwksadmins.ps1:3 char:38
+ Set objAdmins = GetObject(“WinNT://” & strComputer & “/Administrators ...
+ ~
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double quotation marks ("&") to pass it as part of a string.
At C:\PS_Scripts\remove_sedlgwksadmins.ps1:3 char:52
+ Set objAdmins = GetObject(“WinNT://” & strComputer & “/Administrators ...
+ ~
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double quotation marks ("&") to pass it as part of a string.
At C:\PS_Scripts\remove_sedlgwksadmins.ps1:3 char:71
+ ... t objAdmins = GetObject(“WinNT://” & strComputer & “/Administrators”)
+ ~
Unexpected token ')' in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnexpectedToken

October 5, 2016 at 3:48 pm

That code is VBScript, not Powershell. Take a look at this example:

https://mcpmag.com/articles/2015/05/28/managing-local-groups-in-powershell.aspx

October 5, 2016 at 5:23 pm

May I ask why you're not using Group Policy for this? It should be much simpler to configure and easier to consistently enforce across your domain than a PowerShell solution.